Senator Asks FBI Director To Justify His 'Ill-Informed' Policy Proposal For Encryption (gizmodo.com)
In a speech earlier this month, FBI Director Christopher Wray said the inability of law enforcement authorities to access data from electronic devices due to powerful encryption is an "urgent public safety issue." He proposed that Silicon Valley companies should add a backdoor to their encryption so that they could both "provide data security and permit lawful access with a court order." One person is not amused by Wray's proposal. Senator Ron Wyden criticized Wray on Thursday for not consulting him before going public with the proposal for encryption. Wyden said today, via Gizmodo:

Your stated position parrots the same debunked arguments espoused by your predecessors, all of whom ignored the widespread and vocal consensus of cryptographers. For years, these experts have repeatedly stated that what you are asking for is not, in fact, possible. Building secure software is extremely difficult, and vulnerabilities are often introduced inadvertently in the design process. Eliminating these vulnerabilities is a mammoth task, and experts are unified in their opinion that introducing deliberate vulnerabilities would likely create catastrophic unintended consequences that could debilitate software functionality and security entirely.
[...] I would like to learn more about how you arrived at and justify this ill-informed policy proposal. Please provide me with a list of the cryptographers with whom you've personally discussed this topic since our July 2017 meeting and specifically identify those experts who advised you that companies can feasibly design government access features into their products without weakening cybersecurity. Please provide this information by February 23, 2018.
I'll just leave this here.
The problem is not at all new, and the Senator is right to allude to the Lawman's predecessors.
In Soviet Washington the swamp drains you.
weak troll is weak
Um... maybe to ensure that your bank transactions are kept secure such that those potentially snooping upon them can't follow up your legitimate transactions with ones that, for instance, move all of the money from your account to their own accounts?
I mean... just as a starter for 10...
-- Gaxx
The FBI is completely trustworthy and beyond reproach!
If the FBI says it's OK and won't be misused, by golly, they're right!
I wouldn't wait until Feb 23rd. I'd kick him to the curb without even saying "excuse me, but I'm about to kick your ass to the curb".
Sen. Ron Wyden schools FBI Dir. Christopher Wray.
Because encrypting also hides information from criminals. If I'm buying something online, I want to give my credit card information to that site, not the whole world. If the site encrypts the traffic, it can protect my data. If it doesn't, anyone can listen in and then charge items on my credit cards. (It gets worse if you need to use a site to submit more personal information like your social security number.)
If the authorities have a backdoor key, it's only a matter of time before the criminals get that key too. Even if we assumed the authorities had the purest of intentions (a HUGE assumption mind you), I would still want encryption without "police only" back doors to protect against malicious users abusing the back door.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Thanks Ron, seriously. Nice to see that not all politicians have lost their mind.
Senator Ron Wyden: intelligent and well-informed
FBI Director Christopher Wray: either imbecile and/or not to be trusted
#DeleteFacebook
As a republican living in OR, thank you Mr. Wyden. I wish more of legislature had an iota of common sense and understanding relating to tech before shitting out half-assed regulation with absolutely no care taken to unintended consequences.
We should be more focused on keeping the pigs honest than catching the *incredibly* rare bogeymen.
Shady as heck, preying upon the fears of those poor uninformed politicians! That's so mean!
Not trolling. Serious question. Different states have different policies and it seems likely have acceptable outcomes in their respective societies. North Korea allegedly is the worst, with the mandated document editors saving copies of, and watermarking everything you write. But even in the US we've lived with having all printers watermark all documents (why you run out of yellow ink so fast) as well as PRISM and other data slurps. On the flip side law enforcement has had to confront cryptography for centuries and presumably most of it was uncrackable in its own era.
The key difference is ubiquity and the accessibility to the tools by a non-expert.
There is precedent for law enforcement not allowing cryptography. For example, when encrypted CB radios were put on the market they were quickly nixed (drug smugglers used them, allegedly).
Some drink at the fountain of knowledge. Others just gargle.
Given that the FBI can't even track down messages sent between their own agents that they were required to "compliance" and archive, I'm not sure how encryption can add more difficulty. They've got a Keystone Cops vibe going there.
Just unlock your main doors too, if you're not hiding something nefarious from the authorities. Oh, criminals who would take advantage, you say? Exactly with encryption, to protect yourself from criminals who are snooping on your online transactions.
Then in November, the Republican challenger will say that the baby killing Democrat who is beholden to Nancy Pelosi and her San Francisco values is soft on terror and that HE'd let our Saintly law enforcement people have a backdoor to encryption to save us from ISIS and other terrorists.
It works. I've seen it time and time again. On 9/11/01 and then in November 2008, the Republicans jumped on the crazy train and chained themselves to it. The party of Gerry Ford and George H. W. Bush is dead Fred.
Ron Reagan was the one who switched the tracks to Crazy Town.
One of the aspects of a free society, is the general concept of innocent until proven guilty. We encrypt in order to protect our information from bad actors. A government is managed by people not all of them trustful, so the government shouldn't get my data, unless absolutely needed say via a warrant. Because I am innocent until proven of a crime, so my encrypted communication shouldn't be considered anything nefarious until I am expected to be up to something concrete.
I expect for 99.99% of all encrypted data it is just information that isn't proof of wrongdoing. But let's say this post from Jellomizer connects me to my boss who may disagree with such a position could get me fired, because my Point of view while perfectly legal may not be in sync with the company policy.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Can we mod this senator up?
In a few weeks, an avalanche of dirt (both true and untrue) from "anonymous whistle-blowers" about this Senator Wyden will start mysteriously appearing in news stories all over the country.
They'll continue at least until he resigns in disgrace, is imprisoned due to the absolutely totally not photoshopped(*) donkey-fucking kiddie-porn incest home movies, or commits suicide.
(*) The FBI have access to far better software than photoshop.
Well, then, there's at least one Congresscritter in our government who has a working brain! Who knows, maybe he can educate the rest of them?
I don't know anything about this Senator; but on this one topic alone, he would have my vote!
I'd suggest we all write him and thank him for his courage and intelligence...
https://www.wyden.senate.gov/c...
Congratulations! You get the Low Quality Bait Award for the day!
We encrypt in order to protect our information from bad actors.
Rob Schneider's always after my password!
systemd is Roko's Basilisk.
He's probably thinking short-term: kiss up to the current Boss T; and back-doors may be helpful to HIS job in the shorter term, with longer term consequences being somebody else's problem.
Unless, hackers crack the back-door quicker than he expects. Perhaps he's thinking he can then blame the product companies for "doing back doors sloppily". Thus, spin the breach as bad implementation, not bad law.
Those in higher positions are often pretty good at having a "blame plan" ready, in my experience. They don't plan much else well, but strategic blaming is a necessary skill to rise in power. CYA Calculus.
Table-ized A.I.
It just hit me that one of the reasons this story is so strange, is that someone in government (who is this Senator Wyden?) is treating the situation in a way that you might expect from an adult. I'm not used to this.
Are we sure he's a Senator from a state in America? I don't want to later find out that Oregon is a place in Wales or something like that.
I'm sure this is a joke, but i'm hoping that it is literal and true.
Ooooohhhhh!!
What will wealthy criminals, cults, faiths, political groups, competitors, spies do when they work out the US gov has the keys to most consumer communications?
They will ask their dual citizens, faith members, criminals, corrupt military/police/gov for the federal backdoor keys.
Interesting people/cults/criminals will use the junk crypto to run real time counter surveillance on US police/federal/state/city task forces and mil.
If that fails they will watch for nations the US trusts and get a copy for that nation's mil/police/gov.
Don't tell anyone the FBI has the keys, ever.
Build up a voice print database and cell phone ID matching system within the FBI. Stop using other agency/telco/contractor support within the USA. Too many ex and former workers who might have gov methods to sell to keep track of.
Start investigations internally but always have another reason for lawyers, FOIA, human rights groups, mid and low ranking cult members, faith groups, corrupt military/police to guess at. Informers, witnesses, luck, past investigative work. Anything to keep the interesting people guessing and talking as to FBI skill sets and methods.
The bad people do not need to know the FBI has their conversations, voice prints, locations, files.
Let the bad people keep trusting their computers, cell phones, big brand junk crypto.
Ensure criminals feel confident to keep talking to their friends and with corrupt people in the military/police/gov/big brands/telcos.
Suggest to the media and lawyers that every next generation of computer and cell phone is very/too difficult for law enforcement.
Once bad people know the backdoor exists in every gen of cell phone they can just stop using that live mic and GPS they carry around.
They can return to community, faith, their own networks.
Consider how the GCHQ worked in Ireland to stop the flow of support entering Ireland. Lots of interesting people had a theory but nobody worked out the methods used to track interesting people, support moving, funding globally.
If the crypto is junk, don't tell the world, use the data gathered and win.
Domestic spying is now "Benign Information Gathering"
I fully expect the bookies to take bets on whether the authorities lose the keys before the black hats find them. I am still considering my position on this one.
Sent from my ASR33 using ASCII
He's talking about "baseless attacks on professional law enforcement", "professional law enforcement" being the FBI in this case.
https://twitter.com/RonWyden/s...
I can personally reconcile those two things, but the optics aren't good. I know the response: "But my attack wasn't *baseless*." Okay. The problem is that it's a matter of opinion.
Do you have ESP?
The FBI is saying that the public law enforcement need justifies weakening already strong encryption.
Though others will disagree that encryption should be anything but the strongest available.
The issue (from the FBI's point of view) is they went and got the warrant, took your phone, and still can't read your data.
They want a backdoor so that once they take your phone they are able to read the data so that when they are allowed to do so they can.
And really that would be possible. The phone manufacturers could include a unique per device override pin that is burned into the secure enclave and works like the user defined pin. Then when the FBI gets the warrant they can also subpoena the override pin from the manufacturer once they have the device and can see its serial number. This would reduce the time to brute force the pin as there are now two successful results, but that can be mitigated by making pins longer.
This would, provided all involved act responsibly, work exactly as intended. Individuals have secure communications and law enforcement can get the override and pin they need via existing legal channels when investigating a crime. And having one pin does not extend to opening arbitrary devices.
The problem, of course, is that the existence of the override pin and the phone manufacturer having the list of them means that if the manufacturer's security is compromised all the phones they have sold are compromised as well. The FBI doesn't care about that because they aren't the one who'd have to deal with the PR nightmare of having to explain their security was breached or eat the cost of resolving the situation.
It looks like the senator gave him a month to dig up an excuse, and left him with very little wiggle room. It's nice to see a tech-savvy representative, and specifically one that knows how to close all the escapes at the same time to speed up the process. I'm sure the director would love to be able to stall for 30 days and then step back up into the light and kick the can down the road another 30 days, but I don't see that happening this time.
He's either going to have to dig up some at least semi-reputable cryptographers to throw under the bus, or admit that he's "pulling a trump" and ignoring all the experts around him in favor of his own opinions on the matter. (though in this case it's almost certainly coming down to just doing specifically what he's been told to do, more of a "trump by proxy" move) It's rather irritating to see we've set things up so that certain people can't make certain rules, but then we go and let them replace the person responsible for that rule with someone that will do whatever they tell them to - it defeats the purpose of the separation.
I'm also a little bit curious why I haven't seen this whole idea get compared with the TSA's baggage locks? Isn't that basically the same idea as this, though on a much more limited scale? Mandating a government back-door, and all the unintended as well as the widely-anticipated problems that you get as a result?
I work for the Department of Redundancy Department.
1. Made the location of those keys a target for criminals with a huge payoff.
2. Made it easy for certain of the authorities themselves to abuse those keys for illegitimate purposes.
The sickening thing is that this is a bi-partisan issue, that BOTH sides have horrible track records for. It seems that privacy and security of their constituents takes a back seat to anything else. Wonder why that is.
Silence is a state of mime.
Sooner or later it will leak. See WannaCry and reason why Kaspersky was banned. Those issues were related to bug/tool leaks that were supposed to be very confidential.
One of the few state actors in the US operating with legitimacy.
The right of the people to be secure in their persons, houses, papers, and effects,[a] against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
If you believe the 4th amendment is compatible with government encryption backdoors, you are part of the problem.
Don't forget if we're talking about communication the ideal is perfect forward secrecy otherwise if master keys are compromised attackers (e.g. Russia, NK) who have stored past encrypted data have access to it all.
The problem is not so much ordinary blackhats, but persistent attacks by well-equipped nation states who would like to get access to all this data. It's impossible to keep backdoor keys protected against such attacks if you hand out access to these keys to general law enforcement.
Wait till you have your wallet/credit card info and/or health record stolen off your android/iphone. Then tell us that encryption is not needed.
Here's the problem with that bet:
How can you prove the source of the key?
I think we've pushed this "anyone can grow up to be president" thing too far.
Is it? I'd like to see some cost-benefit analysis, before I accept the above statement. The cost, obviously, is that some crimes (including grievous ones) will become much harder — and even outright impossible — to solve (or prove in court). The benefit is that the innocent people will have their communications and data protected from illegal snooping without personal technical knowledge.
What outweighs what is not immediately clear...
Personally, I'm inclined to agree with your statement for the same reasons I value (worship!) the Second Amendment — whether or not it is net-beneficial, arming oneself is an inalienable human right. But I'm certain, you don't view it that way — so what's your reasoning?
In Soviet Washington the swamp drains you.
Wyden was always reliable on this sort of issue. If you search his name, you'll see a lot of past stories not unlike this one on various encryption or privacy issues.
We could use more people in Congress like him.
too bad he is not even in my State but that is the most sensible statement from a Senator that I've seen this year!
Hopefully on Feb 24 he will publish FBI Director Christopher Wray along with a suggestion that FBI Director Christopher Wray resign for being inept.
Right, this is really the issue.
No matter how they implement a backdoor, it will automatically make encryption weaker. Not to mention that anybody could then use additional encryption to prevent anybody from reading it. Then you get "You wouldn't use more encryption unless you were guilty of something" courtroom nonsense that we already have, just with an additional layer of waste on top.
That and your setup also suggests that we don't already have tons of issues with companies making things like IoT devices vulnerable without even needing the backdoor. Leaving the telnet port open by default with no way of changing a default password rings a bell. They're getting better but this sort of thing still happens. I can't imagine this will be an exception.
I would be a well deserved (Score:5, Insightful) for a comment that basically says, "Cite?"
AC re 'criminals *will* have the backdoor key?"
SISMI-Telecom scandal https://en.wikipedia.org/wiki/...
Greek wiretapping case 2004–05 https://en.wikipedia.org/wiki/...–05
Once that crypto walks out of the gov/mil, anyone can become a trusted part of a nations telco network.
Domestic spying is now "Benign Information Gathering"
this guy's a hoot! look at the list - calling out the bullshit on so many topics, including pointing out the nonsense on industrial hemp being classified as a schedule 1 drug when there's BELOW 0.3% THC in it! i like this guy :) https://www.wyden.senate.gov/n...
I guess this isn't the best time to remind Mr. FBI about the Clipper Chip near-disaster. The government thought they'd force people to use backdoored encryption chips in the 90s that contained a "Law Enforcement Access Field (LEAF)" and it not only compromised security but the LEAF check hash was also easily spoofed plus the Skipjack algorithm used was ripped to shreds by cryptography researchers pretty quickly after declassification. Had we been forced to use the Clipper Chip, we'd have had a major security mess on our hands since it was practically a placebo at its one main job: security.
>Why do you assert that criminals *will* have the backdoor key?
Because the backdoor key will be tremendously valuable, someone with legit access will be corrupted into handing it, or access to it, over. Similarly, a software program that provides access to the backdoor will be copied and its accountability protections stripped because it's tremendously valuable to the NSA. And so forth.
The genie ain't staying in the bottle for two fucking days.
what makes you stick with the Rs? They've been pushing the 'Tough on Crime' / 'Think of the Children' agenda for ages. Sure, Clinton (Bill) pushed it too, but largely to court Republicans. While I'm not saying the Dems are saints I think it'd be much easier to purge and/or marginalize the corporatist schelps & authoritarian types from their party than the Rs.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
It has been decades since 1984. Why are we surprised?
As a conservative, I stand with Democrat Ron Wyden in his position. And that fact made me realize something.
To liberals who often want to ban firearms: if you support Ron Wyden's reasoning about encryption, then please realize conservatives have been making the same arguments about firearms and the second amendment since forever. (e.g. if you ban strong encryption de jure, then only criminals will have strong encryption and that will be used against the average law abiding citizen).
To conservatives who often want the state to have strong enforcement powers: don't be hypocrites. If you support the FBI/NSA/CIA desires for compromised encryption for the effectiveness of law enforcement, realize that the same logic will be used against your second amendment rights.
We the people need to work together to make sure that the state doesn't abuse its power, and this relates to encryption and firearms. Don't let the government use partisan politics to turn us against each other so that they can do as they please.
Well then they can hold you in contempt until you unlock the phone. If you burned the evidence in a fire their warrant won't help them either. So should we outlaw fire? or paper records? The point is that, at least in the U.S., we decided long ago that this level of government encroachment on personal liberty is a bad idea.
Why would you want to encrypt anything, unless you are trying to hide something nefarious from the authorities?
You are stupid.
All those crypto currencies for example, primarily exist for purchasing illegal substances and child pornography.
You are still stupid. And no, you are not worth any more elaborate response than this.
Please fuck off.
That's all he needs to say. The damage from occasional breach by criminals will be dwarfed by the gains from proper law enforcement. His arguments will be non technical. They'll pass the 'truthiness' test. Emotional if you will. To be honest such arguments usually win out in the end, if only because the people making them keep pushing for it.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Well that covers much of Hollywood and some presidents.
Can I get something to protect me from bad directors as well?
Yes, you hear about those.
It's the ones you don't hear about that aren't dumb.
I've fallen off your lawn, and I can't get up.
First, just common sense, it is essential to self defense to have reliable encryption.
Second, the fed gov't already treats encryption technology like "arms" in some ways, i.e., export controls.
So NRA, where are you now? Why aren't you protecting our rights?!?!
So, now the bad actor ( could be Rob Schneider, or a host of others ) finds out who ( multiple who's, sure ) is in charge of the device pins at the manufacturers end, or at Law Enforcement's end ( hereafter, custodian ), and
1, hires a girl/boy/animal to sleep with or otherwise make the custodian vulnerable to black mail
2, directly pays the custodian sufficient money to make them give up the pins
3, kidnap the custodian and work on them with lead pipe, knives, etc until they give up the pin
4, kidnap a loved one of the custodian, and as above
5, etc
Or, find a back door in the communication mechanism of these pins from the manufacturers to Law Enforcement and lift them directly
One of the aspects of a free society, is the general concept of innocent until proven guilty
I keep telling people that if you can get away with a criminal behavior--if you can do it without getting caught, reliably--that behavior probably shouldn't be criminal. We have laws that prevent illegal search and seizure, which makes it kind of hard for the police to discover you've been fermenting apple juice into cider and enforce any law making the personal consumption of alcohol illegal if you're not getting drunk and becoming a rowdy nuisance (or worse). On the other hand, people know when they've been robbed, and it's hard to make a career as a thief without ever getting caught (or having to craft enormous master plans to keep your identity a secret--which usually only works in cheap romance novels targeted at a certain breed of reader).
We accept certain risks so we have protections against government overreach.
Support my political activism on Patreon.
Yeah, remember that thing from 1993 that was abandoned? There are certainly valid criticisms of Bill Clinton, but your comment is some pretty lame both-sides-ism.
If I'm ever a juror on a case where government obtained information without a warrant, I will do everything in my power to inspire the Jury to rule innocent.
Or any single computer with un-patched Meltdown susceptibility cracked.
Sent from my ASR33 using ASCII
I recommend an AK47.
Why would you want to encrypt anything, unless you are trying to hide something nefarious from the authorities?
False pretense.
Encryption does not hide things from the authorities. I don't even see how that claim is technically or physically possible.
Encryption hides things from *everyone*
The authorities are part of 'everyone', but the vastly larger group of everyone is also a part of 'everyone'.
If you personally have some magic encryption that hides things from the authorities and no one except the authorities, then perhaps yes you should be locked away for that.
But for the rest of us that possess no form of encryption that hides things from just the authorities and no one else, we don't even qualify as the class of people that doesn't exist that you are trying to classify us as.
No, they can't hold you in contempt until you unlock the phone unless you're dumb enough to use a fingerprint reader. We have this thing called the 5th Amendment that prevents the government from forcing us to become a witness against ourselves.
There is plenty of legal precedent against compelling users to enter passwords and assisting law enforcement with searches.
I'd like to see the organizers of the 2018 RSA Conference to be held in April invite Mr. Wray to join in the cryptographers panel to discuss this issue. They'll eat him alive.
Ron Wyden, my crypto-homie! Slappin DOWN that fuzz with the verbal beatstick ->
...SO I CAN BITCH SLAP THEM SUCCA-FOOLZ TOO!
I would like to learn more about how you arrived at and justify this ill-informed policy proposal. Please provide me with a list of the cryptographers with whom you've personally discussed this topic since our July 2017 meeting and specifically identify those experts who advised you that companies can feasibly design government access features into their products without weakening cybersecurity. Please provide this information by February 23, 2018.
Man, I never heard of him before, but I like this Ron guy.
HA! I just wasted some of your bandwidth with a frivolous sig!
The TSA demanded (and received) back-door master keys to your luggage for exactly the same reasons, for fighting them terrorists. Guess what? They leaked.
Also, Apple's signing keys are far less valuable, since you need a lot more than that to install software on their phones - and the signing mechanism has long been defeated by jailbreaking anyway. They have no master decryption keys. And there's zero actual evidence that Apple has given back-door access to user devices to China or anyone else, despite vaguely-worded reports about "security checks"; Apple continue to insist that not even Apple can do that.
Why would anyone engrave "Elbereth"?
Using Public-Key Cryptography. The same crypto generally used to secure the user's keys. Generate hierarchical public-secret keys from a shared seed similar to Bitcoin wallets that use Hierarchical-Deterministic Wallet addresses, so there can be a large number of separate Public-Secret Keypairs XOR the per-key seed by a "partitioning key".
Assume the company goes through a process where they generate 500,000 "Backdoor keypairs" using HSMs --- each "user" of the service will be assigned to a randomly chosen unique backdoor public key, in the process of generation, a copy of every decryption key the user has access to during key generation will be encrypted using EC public key crypto with the selected backdoor key, then during the one-time process when the original backdoor keys are being created: divide each key into something like 20 Shares requiring 15 of 20 crypto officers gather to assemble and authorize 1 usage of that particular backdoor key ---- make the selection of key unitholders so that no more than 5 reside on the same continent, no more than 3 reside in the same nation, no more than 2 reside in the same province/local part of a nation or work for the same agency, Then require another 15 of 20 people be present to yield the Partitioning seed of the particular Backdoor key to be utilized, thus eliminating the possibility of "Convenient, surreptitious" access ----- ordering each implementation of a specified user's backdoor key will require assembling a group of people coming from at least 5 nations.
I think this story illustrates a larger, and very old problem. Any sufficiently advanced technology is indistinguishable from magic. In this case the technology we use every day has become so advanced that MANY people (who are NOT technology experts) really do see computing devices as working like magic. They don’t understand or want to understand how technologies work. All they see is how many amazing things their devices can do.
So the politicians and law enforcement types who demand backdoors for encrypted devices will never believe real experts, cryptographers, and engineers who tell them what they are asking for is, in fact, impossible. They see it as a political argument, instead of a technical limitation. They assume the experts are lying because they just don’t want the government to be able to unlock a phone.
I can't wait for these questions to appear on University Challenge.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
First, the keys tend to be on the devices and not central servers. That means you need a program on the devices that can transfer keys to arbitrary computers (since every jurisdiction has a different server and servers change their IP addresses from time to time). That means all you need to know is the packet used to request a key for one device and you can fashion the same packet and send it to any device. The key will then be sent back along that channel to the sender.
Second, router poisoning means that stuff destined for a proper server can take a shortcut. Router poisoning is a very common form of attack because most routers don't validate that messages come from proper routers. Even when they do, BGP4+ defines a minimal method of authentication using shared secrets.
Third, let's imagine they use names rather than IP addresses. Almost nobody uses DNSSec (because it's crap) and DNS is very easy to poison. Again, all your top secret keys go to Joe "Just Doin My Job" Mafia-IT-Dude Bloggs.
Fourth, I thought Sony and the recent scandal whereby ALL antivirus vendors sent US government information to Russia had kind of disabused people of the idea that intelligent people were running corporate databases.
Fifth, the DoD was bloody broken into by viruses on thumb drives that copied information across airwalls. Then there were Manning and Snowden - not criminals, but obviously accessing highly classified information that nobody had bothered to secure. The Chinese got hold of the current generation of stealth fighter plans because the DoD dumped hard drives without wiping them. And you trust the government not to do anything stupid. Sorry to disappoint, but you couldn't find stupider if you hunted through the WalMart greeters. These are not people I'd trust with the time of day.
Sixth, in order to have every key, they'd have to disable SSL and TLS. Completely. As these use ad-hoc keys. In fact, they'd have to get rid of IPSec as well. Every connection you made would have to use the same key. This would make international banking interesting. Particularly for fans of Bletchley Park. Perhaps you don't understand how cryptography works. When you use the same key for everything, it doesn't.
Not sure I agree with you.
Yes, I suppose Wyden has left a tiny sliver of wiggle room for LE. However let's be truthful. If we really could design a perfect backdoor, that would allow law enforcement and only law enforcement, and always under a proper search warrant (not a B.S. retroactive FISA warrant), wouldn't we do it? Or at least discuss doing it?
I think Wyden's statement that "...experts have repeatedly stated that what you are asking for is not, in fact, possible" adequately addresses that. It's impossible. Seems clear enough to me.
You can't even spell course and it's hard to say why you'd bother to hide this post behind AC.
Unless you're a paid piece of shit shill working to turn America into a shithole by eroding what remains of our global moral authority. Go eat a dick, Ivan.
Given how many keys would be generated if people continued using IPSec or TLS, it's obviously impossible to catalog them all along with the timestamps for their validity. That means everyone must have identical keys. That means exposure by one person exposes not just that one thing but absolutely everything.
Worse, because all messages would have to be encrypted with the same key, a Bletchley Park-style attack would quickly figure out what the key is. If you know the structure and enough of the plaintext content, then the remaining 1% should be easy to crack.
If there are two independent keys that decrypt the message equally, then there are N independent keys that decrypt the message equally, where in many cases N approaches all the possible decryption keys. The pin is not something you compare X with, so simply having a second isn't simply comparing X with two values rather than one. The pin is a part (Byzantine Encryption) or all of the decryption key. Having two means your algorithm has got to have f(x, k) and f(x, y) produce identical values. For most functions, that means making k and y irrelevant. Which means your encryption isn't just weak, it doesn't exist.
The EFF no longer maintains the list. The original list was simply those printers that produced documents where the EFF could not see any yellow tracking dots. The EFF has put this note on that list:
Simply put, the EFF believes all printers have forensic tracking codes.
Just a few stories up there was a complaint that the Russians had been given access to view source code of software they wish to deploy into their Government agencies to check for exploits. It has been suggested that pretty much any Government can request to view the source code of products which will be deployed into their Agencies, so how long does this Christopher Wray suspect this "exclusive backdoor" will remain exclusive? I would suggest not very. This really does nothing but demonstrate the complete incompetence of the FBI at the highest levels.
People don't seem to realize that these senators and the FBI fully understand that you can't make these things entirely secure.
Rather, they want them completely vulnerable. They don't care about other people using backdoors, because even the slightest bug that results in access to something with a backdoor is something they hope to fill private prisons with, by making even accidental touching of the completely-fucked code "hacking".
This way anyone potentially capable of hacking who isn't one of them, and anyone who can sorta touch a computer without breaking it (so they're leaving themselves a big margin of error on education) is going to be ever so easily found guilty of computer crimes.
Ok, let's see how this works, disgruntled Silicon Valley Company worker is fired. Leaks backdoor to internet. Now encryption is worthless. True story.
*cough* Session keys *cough* motherfucker *cough* work reduction field *cough*
With Paxman frowning "Come on, come on. It's not difficult. At least not unless you're a politician"
-- Gaxx
Because encrypting also hides information from criminals.
The difference between our government and criminals is that criminals are more honest in not expecting you to praise them for stealing from you.
I expect for 99.99% of all encrypted data it is just information that isn't proof of wrongdoing.
If 99.99% of drug sniffing dog "indicators" were false positives, the courts would still consider them reliable.
What did you mean if you didn't mean numbers?
And if you are now claiming the violent crime will be less violent, well that's a win, and the whole point, simpleton.
People not guns, bla bla. If we take away guns, all 12 year old girls will just become ninja assassins and start killing people with spoons.
How many innocent bystanders do you think will be accidentally sliced in the jugular by a wayward spoon?